General
-
Target
76cfebf5f02b172ebacce2eed8cfce2e
-
Size
402KB
-
Sample
240126-jvqbnshcg5
-
MD5
76cfebf5f02b172ebacce2eed8cfce2e
-
SHA1
b486be70228709773c3d47b3b28038341fd5eb2a
-
SHA256
40433a077e5698641b0e57c21dae3730b6c96a2e03bc01eda7adf53764031d77
-
SHA512
8fca51c8233d85b22d2e4c2b335875bdaa1aaf9ab570522d179932f01435fc2ef3b0556b2e5aa8b683459ecc8645af6cbd0624077ac062849767e8a74a2393fd
-
SSDEEP
6144:smaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDg0:FSmLAuEY71fviagATFmebVQDcYcA
Behavioral task
behavioral1
Sample
76cfebf5f02b172ebacce2eed8cfce2e.exe
Resource
win7-20231215-en
Malware Config
Extracted
njrat
0.6.4
hhhmach.ddns.net:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
76cfebf5f02b172ebacce2eed8cfce2e
-
Size
402KB
-
MD5
76cfebf5f02b172ebacce2eed8cfce2e
-
SHA1
b486be70228709773c3d47b3b28038341fd5eb2a
-
SHA256
40433a077e5698641b0e57c21dae3730b6c96a2e03bc01eda7adf53764031d77
-
SHA512
8fca51c8233d85b22d2e4c2b335875bdaa1aaf9ab570522d179932f01435fc2ef3b0556b2e5aa8b683459ecc8645af6cbd0624077ac062849767e8a74a2393fd
-
SSDEEP
6144:smaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDg0:FSmLAuEY71fviagATFmebVQDcYcA
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1